4513 matches found
CVE-2026-35584
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, the endpoint GET /thread/read/conversationid/threadid does not require authentication and does not validate whether the given threadid belongs to the given conversationid. This allows any...
RUSTSEC-2026-0097 Rand is unsound with a custom logger using `rand::rng()`
It has been reported by @lopopolo that the rand library is unsound i.e. that safe code using the public API can cause Undefined Behaviour when all the following conditions are met: - The log and threadrng features are enabled - A custom logger is defined - The custom logger accesses rand::rng...
Rand is unsound with a custom logger using `rand::rng()`
It has been reported by @lopopolo that the rand library is unsound i.e. that safe code using the public API can cause Undefined Behaviour when all the following conditions are met: - The log and threadrng features are enabled - A custom logger is defined - The custom logger accesses rand::rng...
SUSE SLES15 / openSUSE 15 Security Update : freerdp (SUSE-SU-2026:1217-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1217-1 advisory. This update for freerdp fixes the following issue: - CVE-2026-24684: Heap-use-after-free in playthread bsc1257991. Tenable has extracted t...
DEBIAN-CVE-2026-5795
In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals. A subsequent reques...
UBUNTU-CVE-2026-5795
In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals. A subsequent reques...
CVE-2026-5795
In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals. A subsequent reques...
CVE-2026-5795
In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals. A subsequent reques...
CVE-2026-5795
In Eclipse Jetty, the JASPIAuthenticator initializes authentication checks that set two ThreadLocal variables. After returning from these initial checks, the code may take an early return path without clearing the ThreadLocals. A subsequent request that executes on the same thread inherits these ...
Security update for freerdp
This update for freerdp fixes the following issue: CVE-2026-24684: Heap-use-after-free in playthread bsc1257991. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for...
SUSE-SU-2026:1217-1 Security update for freerdp
This update for freerdp fixes the following issue: - CVE-2026-24684: Heap-use-after-free in playthread bsc1257991...
freerdp: FreeRDP heap-use-after-free
A heap use after free flaw has been discovered in FreeRDP. A race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial-IrpThreads while another reads it...
freerdp: FreeRDP has a Heap-use-after-free in play_thread
A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006823)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006823 advisory. In the Linux kernel, the following vulnerability has been resolved: riscv: process: Fix kernel gp leakage childregs represents the registers which are active for the...
ROS-20260408-73-0010
A vulnerability in the findhwthreadmask function of the drivers/infiniband/hw/hfi1/affinity.c component of the Linux kernel is related to the lack of division by zero check. Exploitation of the vulnerability allows an intruder to affect confidentiality, integrity and availability of protected...
ROS-20260408-73-0007
A vulnerability in the fs/ntfs3/file.c component of the Linux kernel is related to mutual blocking of execution threads. Exploitation of the vulnerability allows an attacker to cause a denial of service...
ROS-20260408-73-0008
A vulnerability in the mempoolalloc function of the mm/kmemleak.c component of the Linux kernel is related to mutual blocking of execution threads. Exploitation of the vulnerability allows an attacker to cause a denial of service...
freerdp: FreeRDP heap-use-after-free
A heap use after free flaw has been discovered in FreeRDP. A race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial-IrpThreads while another reads it...
freerdp: FreeRDP has a Heap-use-after-free in play_thread
A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...
CVE-2026-35584
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, the endpoint GET /thread/read/conversationid/threadid does not require authentication and does not validate whether the given threadid belongs to the given conversationid. This allows any...